[Opendnssec-develop] On OpenDNSSEC Adapters
Matthijs Mekking
matthijs at NLnetLabs.nl
Wed Jun 29 14:27:28 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
As said in the meeting, I am working on the adapters in a separate
branch. In parallel, I am trying to see if I can reduce the memory usage.
In a nutshell:
In the current signer (1.{2,3}.x), The zone data is stored as a tree of
domains. On each domain, I maintain a collection of RRset structures.
Each RRset structure has a list of RRs that exist in the current version
of the zone, a list of RRs that have to be added and a list of RRs that
have to be removed.
To be able to introduce incremental adapters, I want to introduce a
journal entry at the top level of the zone data. When changing signer
configuration or reading a new version of the unsigned zone, I keep
track of all records that need to be added and removed this specific
update (including DNSKEYs, NSEC3PARAM, NSEC(3)s and RRSIGs). When having
a zone with an IXFR output adapter, the journal entry is written
(instead of the whole zone).
The main advantages are:
- - The adapter so to say is now presented with a journal entry and can
decide on purging and condensing strategies, without the signer kernel
having to worry about that.
- - No more need to maintain a list of RRs to be added and to be removed
at RRset structure (will save a lot of pointers and RR clones).
Best regards,
Matthijs
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJOCzZQAAoJEA8yVCPsQCW5MxoH/1Tvtkc+OCjCpN38y3QsFN6t
AI8a/Nymn3AtUpiMz/0AOZbkxG98K9wpFTZc8Fe2SVXfk7bTzX6aJsUO3cuScz0j
TrljrBMgvJjO2s0ZY2ilSy+gl2Hr/4suCUBxgeGgRN/f5SnAPmDd/UHnlot0ZzfR
t7MRrtvLDMjf9UOftOwovcG2Q31ZYfcn5b22EobN/CVSGx/2vfu8XQLH4kBcTRsx
n75GFBbCFdpCXAIz2Ti+8grfM1bIGzM/Fggi1b/jl/S+AVBeBLAAuhugn05rmV16
6lo0THKwbJIRO69/ZvkX36wGr4KbtXfc5f6i4wszLzRg1p0AfCW2QddB565VczA=
=IcGa
-----END PGP SIGNATURE-----
More information about the Opendnssec-develop
mailing list